Benjamin Lannon
lannonbr.com
@lannonbr.com
Developer with a focus on Web Development and DevSecOps

Website: https://lannonbr.com
A GitHub Action was compromised this past week. semgrep.dev/blog/2025/po...

I hope this is another indicator that @github.com should really prioritize immutable action releases. They do have it on their roadmap here: github.com/github/roadm... but it has been that way since late 2022.
Semgrep | 🚨 Popular GitHub Action tj-actions/changed-files is compromised
Popular GitHub Action tj-actions/changed-files has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines.
semgrep.dev
March 15, 2025 at 3:53 PM
Thanks to @ellie.wtf for this resource on an update to the ingress nginx controller. Bit my team today and was able to quickly resolve it: ellie.wtf/notes/ingres...
Fixing ingress-nginx ConfigurationSnippet validations
Today I found myself needing to configure ingress-nginx. I needed to write a bit of nginx config to rewrite status codes for certain routes. Something like nginx.ingress.kubernetes.io/configuration-sn...
ellie.wtf
January 13, 2025 at 4:21 PM
I appreciate this trend spreading of smaller form written content / sharing links across the internet
Liked @simonwillison.net's post on running a link blog: simonwillison.net/2024/Dec/22/...

Been wanting this on my garden for a while – a place to post links & commentary that aren't big enough for a whole note or essay

So I made a new type of thing called “smidgeons” – maggieappleton.com/smidgeons
January 12, 2025 at 6:26 PM
Reposted by Benjamin Lannon
They squandered the holy grail
The newest post on Xe Iaso's blog
xeiaso.net
January 6, 2025 at 2:44 AM
I find it weird 2 years ago a feature request was added to GitHub to allow fine-grained access tokens to read / write to GitHub Packages, and yet it seems to not actually be prioritized to the point that it is still not implemented: github.com/github/roadm...
Packages support for fine-grained PATs · Issue #558 · github/roadmap
Summary Personal Access Tokens, or PATs, provide users a quick way to create tokens they can use to make API calls. The tokens allow users to specify scopes to determine what the token can access. ...
github.com
December 27, 2024 at 4:44 PM
Reposted by Benjamin Lannon
Two stages of writing:

1) This shouldn't take too long
2) Oh no
December 4, 2024 at 7:36 PM
Reposted by Benjamin Lannon
I'm starting my 2024 #blogvent series where I post a blog a day in December!

Blogvent day 1 is about fighting spam in your open source repos:
cassidoo.co/post/oss-int...
Fighting open source spam with interaction limits
You can limit how people interact with your repositories to fight spam!
cassidoo.co
December 1, 2024 at 9:07 PM
I wrote today about intentional consumption of news / articles via RSS. Also set up an RSS feed on my site as of a week ago or so:

lannonbr.com/blog/rss-int...
Intentional Consumption and why I am using RSS in 2024 and beyond
Why I am both distributing and consuming content again via RSS
lannonbr.com
November 2, 2024 at 8:15 PM
I've been thinking about this for a while that I want to make more content and just post more often without needing to stress about the act of writing:

micro.webology.dev/2024/11/02/p...
Please publish and share more
Friends, I encourage you to publish more, indirectly meaning you should write more and then share it. It’d be best to publish your work in some evergreen space where you control the domain and URL. Th...
micro.webology.dev
November 2, 2024 at 8:14 PM